Update nokogiri and devise to fix security alerts

.rubocop.yml

@@ -1242,4 +1242,10 @@ RSpec/NamedSubject:
 RSpec/VerifiedDoubles:
   Enabled: false
 
+RSpec/LeakyConstantDeclaration:
+  Enabled: false
+
+RSpec/DescribedClass:
+  Enabled: false
+
 inherit_from: .rubocop_rails.yml

Gemfile.lock

@@ -29,7 +29,7 @@ PATH
     decidim-admin (0.19.0.dev)
       active_link_to (~> 1.0)
       decidim-core (= 0.19.0.dev)
-      devise (~> 4.6)
+      devise (~> 4.7)
       devise-i18n (~> 1.2)
       devise_invitable (~> 1.7)
       jquery-rails (~> 4.3)
@@ -76,7 +76,7 @@ PATH
       charlock_holmes (~> 0.7)
       date_validator (~> 0.9.0)
       decidim-api (= 0.19.0.dev)
-      devise (~> 4.6)
+      devise (~> 4.7)
       devise-i18n (~> 1.2)
       doorkeeper (~> 5.1)
       doorkeeper-i18n (~> 4.0)
@@ -111,7 +111,7 @@ PATH
       rubyzip (~> 1.2, >= 1.2.2)
       sassc (~> 1.12, >= 1.12.1)
       sassc-rails (~> 1.3)
-      social-share-button (~> 1.2)
+      social-share-button (~> 1.2, >= 1.2.1)
       spreadsheet (~> 1.2)
       sprockets-es6 (~> 0.9.2)
       truncato (~> 0.7)
@@ -132,7 +132,7 @@ PATH
       factory_bot_rails (~> 4.8)
       i18n-tasks (~> 0.9.18)
       mdl (~> 0.5.0)
-      nokogiri (~> 1.10)
+      nokogiri (>= 1.10.4)
       puma (~> 3.12)
       rails-controller-testing (~> 1.0)
       rspec-cells (~> 0.3.4)
@@ -198,7 +198,7 @@ PATH
     decidim-system (0.19.0.dev)
       active_link_to (~> 1.0)
       decidim-core (= 0.19.0.dev)
-      devise (~> 4.6)
+      devise (~> 4.7)
       devise-i18n (~> 1.2)
       devise_invitable (~> 1.7)
       jquery-rails (~> 4.3)
@@ -272,7 +272,7 @@ GEM
       execjs (~> 2.0)
     batch-loader (1.4.1)
     bcrypt (3.1.13)
-    better_html (1.0.13)
+    better_html (1.0.14)
       actionview (>= 4.0)
       activesupport (>= 4.0)
       ast (~> 2.0)
@@ -285,7 +285,7 @@ GEM
       msgpack (~> 1.0)
     builder (3.2.3)
     byebug (11.0.1)
-    capybara (3.24.0)
+    capybara (3.29.0)
       addressable
       mini_mime (>= 0.1.3)
       nokogiri (~> 1.8)
@@ -309,7 +309,7 @@ GEM
       actionpack (>= 3.0)
       cells (>= 4.1.6, < 5.0.0)
     charlock_holmes (0.7.6)
-    childprocess (1.0.1)
+    childprocess (2.0.0)
       rake (< 13.0)
     coercible (1.0.0)
       descendants_tracker (~> 0.0.1)
@@ -338,13 +338,13 @@ GEM
     declarative-option (0.1.0)
     descendants_tracker (0.0.4)
       thread_safe (~> 0.3, >= 0.3.1)
-    devise (4.6.2)
+    devise (4.7.1)
       bcrypt (~> 3.0)
       orm_adapter (~> 0.1)
-      railties (>= 4.1.0, < 6.0)
+      railties (>= 4.1.0)
       responders
       warden (~> 1.2.3)
-    devise-i18n (1.8.0)
+    devise-i18n (1.8.2)
       devise (>= 4.6)
     devise_invitable (1.7.5)
       actionmailer (>= 4.1.0)
@@ -357,11 +357,11 @@ GEM
     docile (1.3.2)
     domain_name (0.5.20190701)
       unf (>= 0.0.5, < 1.0.0)
-    doorkeeper (5.1.0)
+    doorkeeper (5.2.0)
       railties (>= 5)
     doorkeeper-i18n (4.0.1)
     equalizer (0.0.11)
-    erb_lint (0.0.28)
+    erb_lint (0.0.29)
       activesupport
       better_html (~> 1.0.7)
       html_tokenizer
@@ -404,11 +404,12 @@ GEM
       railties
       sprockets-rails
     graphql (1.9.6)
-    hashdiff (1.0.0.beta1)
+    hashdiff (1.0.0)
     hashie (3.6.0)
     highline (2.0.2)
     html_tokenizer (0.0.7)
     htmlentities (4.3.4)
+    http-accept (1.7.0)
     http-cookie (1.0.3)
       domain_name (~> 0.5)
     httparty (0.17.0)
@@ -430,7 +431,7 @@ GEM
       ice_cube (~> 0.16)
     ice_cube (0.16.3)
     ice_nine (0.11.2)
-    invisible_captcha (0.12.1)
+    invisible_captcha (0.12.2)
       rails (>= 3.2.0)
     jaro_winkler (1.5.3)
     jquery-rails (4.3.5)
@@ -497,7 +498,7 @@ GEM
     netrc (0.11.0)
     nio4r (2.3.1)
     nobspw (0.6.1)
-    nokogiri (1.10.3)
+    nokogiri (1.10.4)
       mini_portile2 (~> 2.4.0)
     oauth (0.5.4)
     oauth2 (1.4.1)
@@ -511,10 +512,10 @@ GEM
       rack (>= 1.6.2, < 3)
     omniauth-facebook (5.0.0)
       omniauth-oauth2 (~> 1.2)
-    omniauth-google-oauth2 (0.7.0)
+    omniauth-google-oauth2 (0.8.0)
       jwt (>= 2.0)
       omniauth (>= 1.1.1)
-      omniauth-oauth2 (>= 1.5)
+      omniauth-oauth2 (>= 1.6)
     omniauth-oauth (1.1.0)
       oauth
       omniauth (~> 1.0)
@@ -530,11 +531,11 @@ GEM
     origami (2.1.0)
       colorize (~> 0.7)
     orm_adapter (0.5.0)
-    paper_trail (10.3.0)
-      activerecord (>= 4.2, < 6.1)
+    paper_trail (10.3.1)
+      activerecord (>= 4.2)
       request_store (~> 1.1)
     parallel (1.17.0)
-    parser (2.6.3.0)
+    parser (2.6.4.1)
       ast (~> 2.4.0)
     pg (1.1.4)
     pg_search (2.3.0)
@@ -575,7 +576,7 @@ GEM
     rails-dom-testing (2.0.3)
       activesupport (>= 4.2.0)
       nokogiri (>= 1.6)
-    rails-html-sanitizer (1.0.4)
+    rails-html-sanitizer (1.2.0)
       loofah (~> 2.2, >= 2.2.2)
     rails-i18n (5.1.3)
       i18n (>= 0.7, < 2)
@@ -587,7 +588,7 @@ GEM
       rake (>= 0.8.7)
       thor (>= 0.19.0, < 2.0)
     rainbow (3.0.0)
-    rake (12.3.2)
+    rake (12.3.3)
     ransack (2.1.1)
       actionpack (>= 5.0)
       activerecord (>= 5.0)
@@ -604,13 +605,14 @@ GEM
       wisper (>= 1.6.1)
     redcarpet (3.5.0)
     redis (4.1.2)
-    regexp_parser (1.5.1)
+    regexp_parser (1.6.0)
     request_store (1.4.1)
       rack (>= 1.4)
-    responders (2.4.1)
-      actionpack (>= 4.2.0, < 6.0)
-      railties (>= 4.2.0, < 6.0)
-    rest-client (2.0.2)
+    responders (3.0.0)
+      actionpack (>= 5.0)
+      railties (>= 5.0)
+    rest-client (2.1.0)
+      http-accept (>= 1.7.0, < 2.0)
       http-cookie (>= 1.0.2, < 2.0)
       mime-types (>= 1.16, < 4.0)
       netrc (~> 0.8)
@@ -621,7 +623,7 @@ GEM
     rspec-cells (0.3.4)
       cells (>= 4.0.0, < 6.0.0)
       rspec-rails (~> 3.2)
-    rspec-core (3.8.1)
+    rspec-core (3.8.2)
       rspec-support (~> 3.8.0)
     rspec-expectations (3.8.4)
       diff-lcs (>= 1.2.0, < 2.0)
@@ -653,7 +655,7 @@ GEM
     rubocop-rails (2.0.1)
       rack (>= 1.1)
       rubocop (>= 0.70.0)
-    rubocop-rspec (1.33.0)
+    rubocop-rspec (1.35.0)
       rubocop (>= 0.60.0)
     ruby-ole (1.2.12.2)
     ruby-progressbar (1.10.1)
@@ -672,15 +674,15 @@ GEM
       sprockets-rails
       tilt
     searchlight (4.1.0)
-    selenium-webdriver (3.142.3)
-      childprocess (>= 0.5, < 2.0)
+    selenium-webdriver (3.142.4)
+      childprocess (>= 0.5, < 3.0)
       rubyzip (~> 1.2, >= 1.2.2)
-    simplecov (0.16.1)
+    simplecov (0.17.1)
       docile (~> 1.1)
       json (>= 1.8, < 3)
       simplecov-html (~> 0.10.0)
     simplecov-html (0.10.2)
-    smart_properties (1.14.0)
+    smart_properties (1.15.0)
     social-share-button (1.2.1)
       coffee-rails
     spreadsheet (1.2.4)
@@ -738,7 +740,7 @@ GEM
       activemodel (>= 5.0)
       bindex (>= 0.4.0)
       railties (>= 5.0)
-    webmock (3.6.0)
+    webmock (3.7.4)
       addressable (>= 2.3.6)
       crack (>= 0.3.2)
       hashdiff (>= 0.4.0, < 2.0.0)

decidim-accountability/app/views/decidim/accountability/admin/results/_proposals.html.erb

@@ -2,7 +2,7 @@
   <h1><%= t(".current_selection") %></h1>
 </div>
 <div class="picker-content">
-  <input type="text" name="proposal-search" id="data_picker-autocomplete" />
+  <input type="text" name="proposal-search" id="data_picker-autocomplete">
 </div>
 <div class="picker-footer">
   <div class="buttons button--double">

decidim-accountability/app/views/decidim/accountability/admin/results/index.html.erb

@@ -24,7 +24,7 @@
           <% results.each do |result| %>
             <tr data-id="<%= result.id %>">
               <td>
-                <%= link_to translated_attribute(result.title), results_path(parent_id: result.id) %><br />
+                <%= link_to translated_attribute(result.title), results_path(parent_id: result.id) %><br>
               </td>
               <td class="table-list__actions">
                 <%= icon_link_to "eye", resource_locator(result).path, t("actions.preview", scope: "decidim.accountability"), class: "action-icon--preview", target: :blank %>

decidim-accountability/app/views/decidim/accountability/admin/statuses/index.html.erb

@@ -21,7 +21,7 @@
         <tbody>
           <% statuses.each do |status| %>
             <tr data-id="<%= status.id %>">
-              <td><%= status.key %><br /></td>
+              <td><%= status.key %><br></td>
               <td><%= translated_attribute(status.name) %></td>
               <td><%= truncate translated_attribute(status.description), lenght: 50 %></td>
               <td><%= status.progress %></td>

decidim-accountability/app/views/decidim/accountability/admin/timeline_entries/index.html.erb

@@ -20,7 +20,7 @@
         <tbody>
           <% timeline_entries.each do |timeline_entry| %>
             <tr data-id="<%= timeline_entry.id %>">
-              <td><%= timeline_entry.entry_date %><br /></td>
+              <td><%= timeline_entry.entry_date %><br></td>
               <td><%= translated_attribute(timeline_entry.description) %></td>
               <td class="table-list__actions">
                 <% if allowed_to? :update, :timeline_entry, timeline_entry: timeline_entry %>

decidim-accountability/app/views/decidim/accountability/results/_show_leaf.html.erb

@@ -58,7 +58,7 @@
         </div>
       </div>
 
-      <hr />
+      <hr>
 
       <div class="small-12 mediumlarge-8 large-9 columns">
         <div class="section result-description">

decidim-admin/app/views/decidim/admin/attachment_collections/index.html.erb

@@ -22,7 +22,7 @@
             <% collection_for.attachment_collections.each do |attachment_collection| %>
               <tr data-id="<%= attachment_collection.id %>">
                 <td>
-                  <%= link_to translated_attribute(attachment_collection.name), edit_polymorphic_path([collection_for, attachment_collection]) %><br />
+                  <%= link_to translated_attribute(attachment_collection.name), edit_polymorphic_path([collection_for, attachment_collection]) %><br>
                 </td>
                 <td class="table-list__actions">
                   <% if allowed_to? :update, :attachment_collection, attachment_collection: attachment_collection %>

decidim-admin/app/views/decidim/admin/attachment_collections/show.html.erb

@@ -1,7 +1,7 @@
 <h3><%= translated_attribute(@attachment_collection.name) %></h3>
 
 <div class="actions">
-  <hr />
+  <hr>
   <%= link_to t("decidim.admin.actions.edit"), ["edit", @attachment_collection.collection_for, @attachment_collection], class: "button" if allowed_to? :update, :attachment_collection, attachment_collection: @attachment_collection %>
   <%= link_to t("decidim.admin.actions.destroy"), [@attachment_collection.collection_for, @attachment_collection], method: :delete, class: "alert button", data: { confirm: t("decidim.admin.actions.confirm_destroy") } if allowed_to? :destroy, :attachment_collection, attachment_collection: @attachment_collection %>
 </div>

decidim-admin/app/views/decidim/admin/attachments/index.html.erb

@@ -25,7 +25,7 @@
             <% attached_to.attachments.each do |attachment| %>
               <tr data-id="<%= attachment.id %>">
                 <td>
-                  <%= link_to translated_attribute(attachment.title), edit_polymorphic_path([attached_to, attachment]) %><br />
+                  <%= link_to translated_attribute(attachment.title), edit_polymorphic_path([attached_to, attachment]) %><br>
                 </td>
                 <td>
                   <%= translated_attribute(attachment.attachment_collection&.name) %>

decidim-admin/app/views/decidim/admin/attachments/show.html.erb

@@ -1,7 +1,7 @@
 <h3><%= translated_attribute(@attachment.title) %></h3>
 
 <div class="actions">
-  <hr />
+  <hr>
   <%= link_to t("decidim.admin.actions.edit"), ["edit", @attachment.attached_to, @attachment] if allowed_to? :update, :attachment, attachment: @attachment %>
   <%= link_to t("decidim.admin.actions.destroy"), [@attachment.attached_to, @attachment], method: :delete, class: "alert button", data: { confirm: t("decidim.admin.actions.confirm_destroy") } if allowed_to? :destroy, :attachment, attachment: @attachment %>
 </div>

decidim-admin/app/views/decidim/admin/categories/index.html.erb

@@ -22,7 +22,7 @@
             <% current_participatory_space.categories.first_class.each do |category| %>
               <tr>
                 <td>
-                  <%= link_to translated_attribute(category.name), edit_category_path(current_participatory_space, category) %><br />
+                  <%= link_to translated_attribute(category.name), edit_category_path(current_participatory_space, category) %><br>
                 </td>
                 <td class="table-list__actions">
                   <% if allowed_to? :update, :category, category: category %>
@@ -43,7 +43,7 @@
               <% category.subcategories.each do |subcategory| %>
                 <tr class="extra__table-list__subcategory">
                   <td>
-                    <%= link_to translated_attribute(subcategory.name), edit_category_path(current_participatory_space, subcategory) %><br />
+                    <%= link_to translated_attribute(subcategory.name), edit_category_path(current_participatory_space, subcategory) %><br>
                   </td>
                   <td class="table-list__actions">
                   <% if allowed_to? :update, :category, category: subcategory %>

decidim-admin/app/views/decidim/admin/categories/show.html.erb

@@ -1,7 +1,7 @@
 <h3><%= translated_attribute(@category.name) %></h3>
 
 <div class="actions">
-  <hr />
+  <hr>
   <%= link_to t("decidim.admin.actions.edit"), ["edit", participatory_space, @category] if allowed_to? :update, :category, category: @category %>
   <%= link_to t("decidim.admin.actions.destroy"), [participatory_space, @category], method: :delete, class: "alert button", data: { confirm: t("decidim.admin.actions.confirm_destroy") } if allowed_to? :destroy, :category, category: @category %>
 </div>

decidim-admin/app/views/decidim/admin/newsletters/select_recipients_to_deliver.html.erb

@@ -22,7 +22,7 @@
                   <p class="help-text"><%= t ".all_users_help" %></p>
                 </div>
               </div>
-              <hr class="reset mt-s mb-s" />
+              <hr class="reset mt-s mb-s">
             <% end %>
             <div class="grid-x grid-padding-x">
               <div class="cell small-12 medium-6" id="send_newsletter_to_followers">

decidim-admin/app/views/decidim/admin/participatory_space_private_users/index.html.erb

@@ -26,10 +26,10 @@
             <% collection.each do |private_user| %>
               <tr>
                 <td>
-                  <%= private_user.user.name %><br />
+                  <%= private_user.user.name %><br>
                 </td>
                 <td>
-                  <%= private_user.user.email %><br />
+                  <%= private_user.user.email %><br>
                 </td>
                 <td>
                   <% if private_user.user.invitation_sent_at %>

decidim-admin/app/views/decidim/admin/static_pages/_topic.html.erb

@@ -28,7 +28,7 @@
             <% pages.each do |page| %>
               <tr>
                 <td>
-                  <%= link_to translated_attribute(page.title), ["edit", page] %><br />
+                  <%= link_to translated_attribute(page.title), ["edit", page] %><br>
                 </td>
                 <td>
                   <%= l page.created_at, format: :short %>